Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/c6179a-160d-40e2-ae86-7d134980c5be/1/1y9Z7hLlLTrtqjZEXXUHjbmCol0.roa
File:                     1y9Z7hLlLTrtqjZEXXUHjbmCol0.roa (raw, json)
Hash identifier:          cSPx6yirAt8ebgP8ai1kbjhBZDy+TPBZza9Ws6wgdis=
Subject key identifier:   D7:2F:59:EE:12:E5:2D:3A:ED:AA:36:44:5D:75:07:8D:B9:82:A2:5D
Certificate issuer:       /CN=02a962c1fe8e2e12a35576fd62987a0cbba463d4
Certificate serial:       019EAD158E65F830592C1BFA103B9F562850
Authority key identifier: 02:A9:62:C1:FE:8E:2E:12:A3:55:76:FD:62:98:7A:0C:BB:A4:63:D4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Aqliwf6OLhKjVXb9Yph6DLukY9Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/c6179a-160d-40e2-ae86-7d134980c5be/1/1y9Z7hLlLTrtqjZEXXUHjbmCol0.roa
Signing time:             Tue 09 Jun 2026 15:52:11 +0000
ROA not before:           Tue 09 Jun 2026 15:52:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     24875
IP address blocks:        150.40.103.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/c6179a-160d-40e2-ae86-7d134980c5be/1/Aqliwf6OLhKjVXb9Yph6DLukY9Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/c6179a-160d-40e2-ae86-7d134980c5be/1/Aqliwf6OLhKjVXb9Yph6DLukY9Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Aqliwf6OLhKjVXb9Yph6DLukY9Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 08:43:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:ad:15:8e:65:f8:30:59:2c:1b:fa:10:3b:9f:56:28:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=02a962c1fe8e2e12a35576fd62987a0cbba463d4
        Validity
            Not Before: Jun  9 15:52:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d72f59ee12e52d3aedaa36445d75078db982a25d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:93:03:47:70:26:dc:f9:a6:37:33:3f:73:33:
                    98:f2:2e:ab:de:13:34:6e:8c:6d:05:e0:e4:41:cf:
                    7f:6d:83:e2:20:b1:08:b1:30:96:58:0c:39:dd:44:
                    53:83:c3:b5:ec:e4:18:9e:eb:1a:fc:5c:e7:b6:03:
                    d6:da:06:cb:7f:8f:45:01:69:55:7b:c5:c7:ac:72:
                    04:a9:c5:c8:65:92:6f:2d:db:52:27:50:de:b9:b1:
                    81:4e:9f:f8:e2:a5:1f:88:a7:61:04:22:fb:80:63:
                    63:82:89:fa:ca:4c:3b:8f:b7:bd:b7:cc:7e:80:29:
                    ae:55:af:17:ab:74:a9:48:5e:4b:b0:13:9a:00:62:
                    1a:c9:cf:37:67:4c:37:58:7a:39:e1:24:e8:f1:0c:
                    9b:1b:a2:3c:2f:1a:94:70:92:b6:e8:70:14:d0:a2:
                    7e:b0:0d:d6:11:09:15:1b:30:e6:e2:01:b3:9b:10:
                    44:da:bd:75:81:94:84:8a:2d:e8:e4:60:46:7d:77:
                    db:ac:f0:ef:4a:4d:11:d6:3d:9c:45:3d:30:c9:fa:
                    99:4f:27:bc:2c:68:77:87:2f:a3:e7:ba:7d:f6:87:
                    89:80:a0:4f:fb:0f:e6:64:75:f0:14:54:14:e1:59:
                    98:53:3a:81:04:ec:a9:9f:08:fa:a8:55:8a:67:fd:
                    49:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:2F:59:EE:12:E5:2D:3A:ED:AA:36:44:5D:75:07:8D:B9:82:A2:5D
            X509v3 Authority Key Identifier:
                keyid:02:A9:62:C1:FE:8E:2E:12:A3:55:76:FD:62:98:7A:0C:BB:A4:63:D4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Aqliwf6OLhKjVXb9Yph6DLukY9Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/c6179a-160d-40e2-ae86-7d134980c5be/1/1y9Z7hLlLTrtqjZEXXUHjbmCol0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/c6179a-160d-40e2-ae86-7d134980c5be/1/Aqliwf6OLhKjVXb9Yph6DLukY9Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  150.40.103.0/24

    Signature Algorithm: sha256WithRSAEncryption
         18:fe:c9:ca:4f:cb:08:1a:15:92:5f:21:d5:46:b4:6c:bd:16:
         09:3e:29:db:6e:ac:fd:f9:fc:67:f2:4d:ba:a0:33:35:ee:d3:
         94:a8:b4:f6:a2:ba:0a:13:e9:2f:25:bc:ab:48:12:aa:0e:ce:
         02:db:ff:8e:19:9f:b9:82:8c:09:11:da:bd:7f:11:08:44:9c:
         24:5f:74:a4:ac:a3:72:0c:57:bf:8d:fc:07:66:18:13:37:86:
         69:38:80:6e:0e:4f:98:0d:36:dc:68:74:06:7b:d0:8c:86:e0:
         82:f7:82:29:a4:27:5d:ad:30:af:34:99:a1:7f:cd:df:55:ef:
         68:80:9a:56:78:f6:50:b8:c6:90:33:d6:ea:89:75:f4:0b:06:
         54:1f:6b:f5:2d:02:f8:48:a6:10:da:47:b5:d3:08:1c:80:a7:
         5e:f2:de:ab:27:df:4d:28:ef:4a:16:3b:10:66:1d:0a:33:37:
         a5:af:40:bb:12:e7:a6:85:ed:a8:f1:ab:f0:62:eb:63:6d:6d:
         53:f0:78:ac:8f:3e:7c:e9:0b:e2:86:6e:78:bf:b5:67:13:06:
         e6:df:bc:36:04:1b:4f:32:dd:a8:18:0f:5b:36:78:ba:21:1e:
         fb:e0:06:d2:39:2b:1b:a4:31:ca:a7:c3:df:3f:12:15:e1:37:
         7a:cd:05:9d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6tFY5l+DBZLBv6EDufVihQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAyYTk2MmMxZmU4ZTJlMTJhMzU1NzZmZDYyOTg3YTBjYmJh
NDYzZDQwHhcNMjYwNjA5MTU1MjExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNzJmNTllZTEyZTUyZDNhZWRhYTM2NDQ1ZDc1MDc4ZGI5ODJhMjVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtJMDR3Am3PmmNzM/czOY8i6r3hM0
boxtBeDkQc9/bYPiILEIsTCWWAw53URTg8O17OQYnusa/FzntgPW2gbLf49FAWlV
e8XHrHIEqcXIZZJvLdtSJ1DeubGBTp/44qUfiKdhBCL7gGNjgon6ykw7j7e9t8x+
gCmuVa8Xq3SpSF5LsBOaAGIayc83Z0w3WHo54STo8QybG6I8LxqUcJK26HAU0KJ+
sA3WEQkVGzDm4gGzmxBE2r11gZSEii3o5GBGfXfbrPDvSk0R1j2cRT0wyfqZTye8
LGh3hy+j57p99oeJgKBP+w/mZHXwFFQU4VmYUzqBBOypnwj6qFWKZ/1JEQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNcvWe4S5S067ao2RF11B425gqJdMB8GA1UdIwQY
MBaAFAKpYsH+ji4So1V2/WKYegy7pGPUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQXFsaXdmNk9MaEtqVlhiOVlwaDZETHVrWTlRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9jNjE3OWEtMTYwZC00MGUyLWFlODYt
N2QxMzQ5ODBjNWJlLzEvMXk5WjdoTGxMVHJ0cWpaRVhYVUhqYm1Db2wwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9jNjE3OWEtMTYwZC00MGUyLWFlODYtN2QxMzQ5ODBjNWJl
LzEvQXFsaXdmNk9MaEtqVlhiOVlwaDZETHVrWTlRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAlihnMA0G
CSqGSIb3DQEBCwUAA4IBAQAY/snKT8sIGhWSXyHVRrRsvRYJPinbbqz9+fxn8k26
oDM17tOUqLT2oroKE+kvJbyrSBKqDs4C2/+OGZ+5gowJEdq9fxEIRJwkX3SkrKNy
DFe/jfwHZhgTN4ZpOIBuDk+YDTbcaHQGe9CMhuCC94IppCddrTCvNJmhf83fVe9o
gJpWePZQuMaQM9bqiXX0CwZUH2v1LQL4SKYQ2ke10wgcgKde8t6rJ99NKO9KFjsQ
Zh0KMzelr0C7Euemhe2o8avwYutjbW1T8Hisjz586Qvihm54v7VnEwbm37w2BBtP
Mt2oGA9bNni6IR774AbSOSsbpDHKp8PfPxIV4Td6zQWd
-----END CERTIFICATE-----